Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, says that it has managed to restore systems after a September Ryuk ransomware attack.

Siri found another Bondy Ransomware variant that appends the .Connect extension.

Siri found a new ransomware that calls itself 'Hentai OniChan Version King Engine' and appends the .docm extension to encrypted files.

0x4143 found a new in-development ransomware called Ransomkart that appends the .ransomkart extension.

Siri found a variant of the CCE ransomware that appends the .aieou extension to encrypted files.

Michael Gillespie found a new Wanna Scream variant that appends the .Bang extension to encrypted files.

Michael Gillespie found a new STOP ransomware variant that appends the .jdyi extension to encrypted files.

Siri found the Bondy Ransomware that appends the .bondy extension and drops a ransom note named HELP_DECRYPT_YOUR_FILES.txt.

GrujaRS found a new ransomware called MyRansom that does not append an extension but drops a ransom note named README.TXT.

The DoppelPaymer ransomware gang has released unencrypted data stolen from Hall County, Georgia, during a cyberattack earlier this month.

Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S.

In a joint statement, the U.S. government is warning the healthcare industry that a hacking group is actively targeting hospitals and healthcare providers in Ryuk ransomware attacks.

REvil ransomware developers say that they made more than $100 million in one year of extorting large businesses across the world from various sectors.

​The Maze cybercrime gang is shutting down its operations after rising to become one of the most prominent players performing ransomware attacks.

MalwareHunterTeam found the RegretLocker ransomware that appends the .mouse extension and drops a ransom note named HOW TO RESTORE FILES.TXT.

GrujaRS found a new Ragnar Locker ransomware variant that appends the .__r4gN4r__XXXXXXX extension and drops a ransom note named !!!_READ_ME_XXXXXXX_!!!.txt.

In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of British Columbia (UBC) with a fake COVID-19 survey.

0x4143 found a new Wanna Scream variant that appends the .H@RM@ extension and drops ransom notes named info.hta and ReadMe.txt.

0x4143 found a new ransomware called SnapDragon that appends the .SNPDRGN extension to encrypted files.

MalwareHunterTeam found 'Ransomware COVID' that appends the .crypt extension to encrypted files.

Michael Gillespie found a new ransomware that appends the .mars extension to encrypted files and drops a ransom note named !!!MARS_DECRYPT.TXT.

Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread.

Networks of giant energy company Enel have been hit by a ransomware attack for the second time this year. This time, it's Netwalker asking $14 million ransom for the decryption key.

Karsten Hahn found ransomware written in Rust called Ransomware32 that appends the ._encrypted extension and drops a ransom note named README_encrypted.txt.

Amigo-A found a new variant of TheDMR Ransomware that calls itself 'Alvin Ransomware' and appends the .ALVIN extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.txt.

Minerals Technologies Inc. (the “Company”) today announced that on October 22, 2020, it detected a ransomware attack impacting certain of its information technology systems. Immediately upon its detection of the security incident, which prevented access to certain systems and data within the Company’s network, the company implemented its cyber security emergency response plan. As part of that plan, Company took steps to restore its network and resume normal operations as quickly as possible. The Company launched an investigation working with industry-leading cybersecurity firms, engaged legal counsel, notified law enforcement and is in the process of notifying appropriate governmental authorities.

Michael Gillespie found a new Xorist ransomware variant that appends the .ZaLtOn extension to encrypted files.

Michael Gillespie found a new STOP ransomware variant that appends the .iiss extension to encrypted files.

French enterprise IT services company Sopra Steria confirmed today that they were hit with a Ryuk ransomware attack on October 20th, 2020.

In late September, Coveware’s CEO, Bill Siegel, was invited to testify before the Federal Spending Oversight Subcommittee of the Committee on Homeland Security and Governmental Affairs. The topic: Defending Our State & Local Communities from Cyber Threats Amid COVID-19. The committee hearing was postponed after the passing of Ruth Bader Ginsberg, and while we look forward to the hearing be rescheduled, we figured would publish our submitted testimony anyway. The testimony explains the market dynamics of ransomware, and our thoughts on how to most efficiently and effectively protect our state & local communities from cyber threats.

dnwls0719 found a new ransomware targeting Russia that appends the .pizhon-(Random) extension to encrypted files.

GrujaRS found a new Syzmekk ransomware variant that appends the .Szymekk extension.

GrujaRS found a new Yatron Decrypt0r variant that appends the .Down_With_Usa extension to encrypted files.

xiaopao found the new Clay Ransomware.ransomware called Clay.

xiaopao found a new Dharma ransomware variant that appends the .Acuf2 extension.

Siri found a new HiddenTear ransomware variant that pretends to be a GTA V instaler, but encrypts your files with the .AnoymouS extension.

The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware.

US-based ski and golf resort operator Boyne Resorts has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems.

Karsten Hahn discovere that Venom RAT has added a ransomware module that appends the .Venom extension.

French IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of their network with the Ryuk ransomware.

Marcelo Rivero found a new Dharma ransomware variant that appends the .bH4T extension.

Montreal's Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems.

LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Siri found a new ransomware that appends the .32aa extension to encrypted files.

Siri found a new Black Heart ransomware variant that appends the .Viper extension to encrypted files.

Michael Gillespie found a new STOP ransomware variant that appends the .nypg extension to encrypted files.

Jakub Kroustek found a new Dharma ransomware variant that appends the .259 extension to encrypted files.

The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. Bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack.

The operators of Darkside ransomware have donated some of the money they made extorting victims to nonprofits Children International and The Water Project.

Marcelo Rivero found a new ransomware named Vaggen that appends the .VAGGEN extension and drops ransom notes named ABOUT_UR_FILES.txt and AboutYourFiles.txt.

The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack.

Michael Gillespie found a new STOP ransomware variant that appends the .efji extension to encrypted files.

@Glacius_ found a copy of BlackKingdom ransomware that was renamed to Pransomware.

Jakub Kroustek found new Dharma ransomware variants that append the .Crypt and .LCK extension to encrypted files.

Michael Gillespie found a new HiddenTear ransomware named MadDog that appends the .id-.[maddogteam@airmail.cc].MadDog to encrypted files.

We’re happy to announce the availability of a new decryptor for MaMoCrypt, a strain of ransomware that appeared in December last year.

Sports data provider Stats Perform has been down for almost a week thanks to a ransomware hack, Legal Sports Report understands.

ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom.

Siri found a new ransomware that appends the .CRPTD extension.

xiaopao found the Adhubllka Ransomware that appends the .see_read_me and drops a ransom note named Read_Me.txt.

Michael Gillespie found a new STOP Ransomware variant that appends the .mmpa extension.

The Egregor ransomware gang has hit game developer Crytek in a confirmed ransomware attack and leaked what they claim are files stolen from Ubisoft's network.

Amigo-A found a new variant of the Scarab Ransomware that appends the .Bioawards extension and drops ransom notes named Instruction.txt and DECRYPT FILES.TXT.

Siri found a new PewPew ransomware variant that appends the .artemis extension.

xiaopao found the Dharma ransomware variant that appends the .zxcv extension.

xiaopao found a new Philadelphia Ransomware variant.

​U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers' data.

FIN11, a financially-motivated hacker group with a history starting since at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method.

xiaopao found the Badboymnb Ransomware that appends the .Badboy extension and drops a ransom note named ReadME-BadboyEncryption.txt.

The city council systems for the London Borough of Hackney have been hit with a 'serious' cyberattack that impacts many of their services and IT systems.

International law firm Seyfarth Shaw announced on Monday that it was the victim of a ransomware attack over the weekend.

Arkbird found a new Loki Stealer variant that steals files and then encrypts your computer. When encrypting, it appends the .loki extension to encrypted files.

Siri found a new Nephilim ransomware variant that appends the .MERIN extension.

The City of Mt. Pleasant has fallen victim to a ransomware attack, that is according to city officials.

Michael Gillespie found a new STOP Ransomware variant that appends the .foqe extension.

Michael Gillespie found a new Matrix Ransomware variant that appends the .TG33 extension and drops the TG33_INFO.rtf ransom note.

The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.

TrickBot, one of the most active botnets on the planet, recently has suffered some strong blows from actors in the cybersecurity industry aiming at disrupting its operations.

Tyler Technologies has paid a ransom for a decryption key to recover files encrypted in a recent ransomware attack.

S!Ri found a new in-development ransomware that appends .en extension to encrypted files.

Jakub Kroustek found new Dharma ransomware variants that append the .gtsc or .dme extension to encrypted files.

Carnival Corporation, the world's largest cruise line operator, has confirmed that the personal information of customers, employees, and ship crews was stolen during an August ransomware attack.

The Clop ransomware gang hit the network of German enterprise software giant Software AG last Saturday, asking for a ransom of $23 million after stealing employee information and company documents.

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September.

The Springfield Public Schools district in Massachusetts has become the victim of a ransomware attack that has caused the closure of schools while they investigate the cyberattack.

MalwareHunterTeam found a new Android ransomware called CyberSplitter that appends the .Dcry extension to encrypted files.

S!Ri found a new ransomware that appends .woodrat to encrypted files.

Michael Gillespie is looking for a new ransomware that appends the extension .CURATOR and drops a ransom note named !=HOW_TO_DECRYPT_FILES=!.txt.

FONIX Raas (Ransomware as a Service) is an offering that first came to attention in July of this year. It did not make much of a splash at the time, and even currently, we are only seeing small numbers of infections due to this ransomware family. However, RaaS that at first fly under the radar can quickly become rampant if defenders and security solutions remain unaware of them. Notably, FONIX varies somewhat from many other current RaaS offerings in that it employs four methods of encryption for each file and has an overly-complex post-infection engagement cycle. In this post, we dig a little deeper into these and other peculiarities of this new RaaS offering.

Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.

xXToffeeXx found a new ransomware dubbed SantaCrypt that appends the .$anta and drops a ransom note named HOW_TO_RECOVER_MY_FILES.TXT.

Michael Gillespie found a new ransomware called EYECRY that is a customized version of the Petya ransomware/bootlocker.

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .moss extension to encrypted files.

Karsten Hahn tweeted about a new Babax variant called Osno Stealer that includes a ransomware module that appends the .osnoed.

A new ransomware vaccine program has been created that terminates processes that try to delete volume shadow copies using Microsoft's vssadmin.exe program,

Jakub Kroustek found a new Dharma ransomware variant that appends the .FLYU extension to encrypted files.

University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info.

Marcelo Rivero found a new variant of the Dharma Ransomware that appends the .homer extension to encrypted files.

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) today said that organizations that assist ransomware victims to make ransom payments are facing sanctions risks as their actions could violate OFAC regulations.

A ransomware operation has started to utilize a new tactic to extort their victims: DDoS a victim's website until they return to the negotiation table.

The Netwalker ransomware operators have published the stolen data for K-Electric, Pakistan's largest private power company, after a ransom was not paid.

0x4143 found a new ransomware that appends the '.mame vse' extension to encrypted files.

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .fresh extension to encrypted files.

So SunCrypt pledges to leave medical entities alone, and DataBreaches.net hopes they stick to their pledge on that. But who will be they be focusing on, then? According to the spokesperson, “Suncrypt is after the cybersecurity companies,” and they say we will all be seeing proof of that very soon.

QNAP has issued an advisory about a recent wave of ransomware attacks targeting its NAS storage devices and encrypting files.

Blackbaud, a leading cloud software provider, confirmed that the threat actors behind the May 2020 ransomware attack had access to unencrypted banking and login information, as well as social security numbers.

dnwls0719 found a new Phobos Ransomware variant that appends the .isos extension to encrypted files.

Michael Gillespie found a new STOP Ransomware variant that appends the .lyli extension to encrypted files.

US-based Arthur J. Gallagher (AJG) global insurance brokerage and risk management firm confirmed a ransomware attack that hit its systems on Saturday.

The threat actors behind the Exorcist 2.0 ransomware are using malicious advertising to redirect victims to fake software crack sites that distribute their malware.

GrujaRS found a new ransomware that appends the .easyransom extension and drops a ransom note named easyransom_readme.txt.

M. Shahpasandi found a new MedusaLocker ransomware variant that appends the .lr extension.

Michael Gillespie found a new Dharma Ransomware variant that appends the .WSHLP extension.

CMA CGM S.A., a French maritime transport and logistics giant, today disclosed a malware attack affecting some servers on the edge of its network.

The REvil Ransomware (Sodinokibi) operation has deposited $1 million in bitcoins on a Russian-speaking hacker forum to prove to potential affiliates that they mean business.

Universal Health Services (UHS), a Fortune 500 hospital and healthcare services provider, has reportedly shut down systems at healthcare facilities around the US after a cyber-attack that hit its network during early Sunday morning.

GrujaRS found a new ransomware that appends the .babaxed extension and drops a ransom note named RECOVERY INSTRUCTIONS.

A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free.

Tyler Technologies is warning clients to change the passwords for the technology provider's remote access accounts after suspicious logins have been reported.